Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, softokn3.dll.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, softokn3.dll.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0 |
Source: whitesee.exe, 00000001.00000003.266621743.00000000009D4000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACer |
Source: whitesee.exe, 00000001.00000002.277685320.0000000000A19000.00000004.00000020.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: whitesee.exe, 00000001.00000003.268159009.00000000009EF000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, softokn3.dll.1.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, softokn3.dll.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O |
Source: whitesee.exe, 00000001.00000003.266621743.00000000009D4000.00000004.00000001.sdmp | String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0= |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, softokn3.dll.1.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05 |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, softokn3.dll.1.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, softokn3.dll.1.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L |
Source: whitesee.exe, 00000001.00000002.277685320.0000000000A19000.00000004.00000020.sdmp | String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# |
Source: whitesee.exe, 00000001.00000002.277685320.0000000000A19000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: whitesee.exe, 00000001.00000003.266621743.00000000009D4000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.digicert.com0: |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, softokn3.dll.1.dr | String found in binary or memory: http://ocsp.digicert.com0C |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, softokn3.dll.1.dr | String found in binary or memory: http://ocsp.digicert.com0N |
Source: whitesee.exe, 00000001.00000003.266621743.00000000009D4000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.msocsp.com0 |
Source: whitesee.exe, 00000001.00000002.277685320.0000000000A19000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.sectigo.com0) |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, softokn3.dll.1.dr | String found in binary or memory: http://ocsp.thawte.com0 |
Source: whitesee.exe, 00000001.00000003.267935620.00000000009F7000.00000004.00000001.sdmp | String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, softokn3.dll.1.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, softokn3.dll.1.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, softokn3.dll.1.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: mozglue.dll.1.dr | String found in binary or memory: http://www.mozilla.com/en-US/blocklist/ |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, softokn3.dll.1.dr | String found in binary or memory: http://www.mozilla.com0 |
Source: whitesee.exe, 00000001.00000003.277129860.000000001E950000.00000004.00000001.sdmp | String found in binary or memory: http://www.msn.c |
Source: whitesee.exe, 00000001.00000003.267935620.00000000009F7000.00000004.00000001.sdmp | String found in binary or memory: http://www.msn.com/?ocid=iehp |
Source: whitesee.exe, 00000001.00000003.267935620.00000000009F7000.00000004.00000001.sdmp | String found in binary or memory: http://www.msn.com/?ocid=iehp;b |
Source: whitesee.exe, 00000001.00000003.277129860.000000001E950000.00000004.00000001.sdmp | String found in binary or memory: http://www.msn.com/de-ch/?ocid=iP |
Source: whitesee.exe, 00000001.00000002.277579718.0000000000971000.00000004.00000020.sdmp | String found in binary or memory: http://www.msn.com/de-ch/?ocid=iehp |
Source: whitesee.exe, 00000001.00000002.277579718.0000000000971000.00000004.00000020.sdmp | String found in binary or memory: http://www.msn.com/de-ch/?ocid=iehp%wL |
Source: whitesee.exe, 00000001.00000003.277129860.000000001E950000.00000004.00000001.sdmp | String found in binary or memory: http://www.msn.com/de-chx |
Source: whitesee.exe, 00000001.00000003.277129860.000000001E950000.00000004.00000001.sdmp | String found in binary or memory: http://www.msn.com/de-chx;http://www.msn.com/de-ch/ |
Source: whitesee.exe, 00000001.00000003.268363493.0000000000A0E000.00000004.00000001.sdmp, 67227813536691329426550.tmp.1.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: whitesee.exe, 00000001.00000003.268363493.0000000000A0E000.00000004.00000001.sdmp, 67227813536691329426550.tmp.1.dr | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: whitesee.exe, 00000001.00000003.268363493.0000000000A0E000.00000004.00000001.sdmp, 67227813536691329426550.tmp.1.dr | String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: 67227813536691329426550.tmp.1.dr | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: whitesee.exe, 00000001.00000003.268363493.0000000000A0E000.00000004.00000001.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtabd |
Source: whitesee.exe, 00000001.00000003.268363493.0000000000A0E000.00000004.00000001.sdmp, 67227813536691329426550.tmp.1.dr | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: whitesee.exe, 00000001.00000002.277579718.0000000000971000.00000004.00000020.sdmp | String found in binary or memory: https://onedrive.live.com/Q |
Source: whitesee.exe, 00000001.00000002.277579718.0000000000971000.00000004.00000020.sdmp | String found in binary or memory: https://onedrive.live.com/a |
Source: whitesee.exe, 00000001.00000002.277281514.0000000000560000.00000040.00000001.sdmp | String found in binary or memory: https://onedrive.live.com/download?cid=4C3F5C65A99DA195&resid=4C3F5C65A99DA195%21225&authkey=ANo4F75 |
Source: whitesee.exe, 00000001.00000003.268363493.0000000000A0E000.00000004.00000001.sdmp, 67227813536691329426550.tmp.1.dr | String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search |
Source: whitesee.exe, 00000001.00000003.268363493.0000000000A0E000.00000004.00000001.sdmp, 67227813536691329426550.tmp.1.dr | String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: whitesee.exe, 00000001.00000002.277685320.0000000000A19000.00000004.00000020.sdmp | String found in binary or memory: https://sectigo.com/CPS0 |
Source: whitesee.exe, 00000001.00000002.277579718.0000000000971000.00000004.00000020.sdmp | String found in binary or memory: https://ss0idq.bl.files.1drv.com/ |
Source: whitesee.exe, 00000001.00000002.277611176.00000000009A6000.00000004.00000020.sdmp | String found in binary or memory: https://ss0idq.bl.files.1drv.com/y4mQN2g4GgaGX8ZGUXNqQ9hde_O6JGjOsty8WqfLMPhATLhO20zWV-XHuQgnqXqMGZf |
Source: whitesee.exe, 00000001.00000002.277579718.0000000000971000.00000004.00000020.sdmp | String found in binary or memory: https://techvita.biz/ |
Source: whitesee.exe, 00000001.00000003.266245528.00000000009A6000.00000004.00000001.sdmp | String found in binary or memory: https://techvita.biz/7 |
Source: whitesee.exe, 00000001.00000003.266233315.000000000098C000.00000004.00000001.sdmp, whitesee.exe, 00000001.00000003.277143523.000000001E060000.00000004.00000001.sdmp, whitesee.exe, 00000001.00000002.277644333.00000000009D4000.00000004.00000020.sdmp | String found in binary or memory: https://techvita.biz/PL341/index.php |
Source: whitesee.exe, 00000001.00000002.277644333.00000000009D4000.00000004.00000020.sdmp | String found in binary or memory: https://techvita.biz/PL341/index.php;Ow |
Source: whitesee.exe, 00000001.00000002.277611176.00000000009A6000.00000004.00000020.sdmp | String found in binary or memory: https://techvita.biz/PL341/index.phpNCYCDFIJJ.xlsx |
Source: whitesee.exe, 00000001.00000002.277579718.0000000000971000.00000004.00000020.sdmp | String found in binary or memory: https://techvita.biz/l |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, softokn3.dll.1.dr | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: whitesee.exe, 00000001.00000003.267935620.00000000009F7000.00000004.00000001.sdmp | String found in binary or memory: https://www.google.com/chrome/ |
Source: whitesee.exe, 00000001.00000003.267935620.00000000009F7000.00000004.00000001.sdmp | String found in binary or memory: https://www.google.com/chrome/Ob |
Source: whitesee.exe, 00000001.00000003.268159009.00000000009EF000.00000004.00000001.sdmp | String found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.pgg |
Source: whitesee.exe, 00000001.00000003.267935620.00000000009F7000.00000004.00000001.sdmp | String found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png |
Source: whitesee.exe, 00000001.00000003.267935620.00000000009F7000.00000004.00000001.sdmp, whitesee.exe, 00000001.00000002.277611176.00000000009A6000.00000004.00000020.sdmp | String found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0 |
Source: whitesee.exe, 00000001.00000003.268363493.0000000000A0E000.00000004.00000001.sdmp, 67227813536691329426550.tmp.1.dr | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: C:\Users\user\Desktop\whitesee.exe | Code function: 0_2_02191F20 NtSetInformationThread,TerminateProcess, | 0_2_02191F20 |
Source: C:\Users\user\Desktop\whitesee.exe | Code function: 0_2_02190242 EnumWindows,NtSetInformationThread,TerminateProcess, | 0_2_02190242 |
Source: C:\Users\user\Desktop\whitesee.exe | Code function: 0_2_02191679 NtWriteVirtualMemory, | 0_2_02191679 |
Source: C:\Users\user\Desktop\whitesee.exe | Code function: 0_2_02193498 NtSetInformationThread,TerminateProcess, | 0_2_02193498 |
Source: C:\Users\user\Desktop\whitesee.exe | Code function: 0_2_02193B9F NtResumeThread, | 0_2_02193B9F |
Source: C:\Users\user\Desktop\whitesee.exe | Code function: 0_2_021937FE NtProtectVirtualMemory, | 0_2_021937FE |
Source: C:\Users\user\Desktop\whitesee.exe | Code function: 0_2_02191716 NtWriteVirtualMemory, | 0_2_02191716 |
Source: C:\Users\user\Desktop\whitesee.exe | Code function: 0_2_02193C0D NtResumeThread, | 0_2_02193C0D |
Source: C:\Users\user\Desktop\whitesee.exe | Code function: 0_2_02193C5E NtResumeThread, | 0_2_02193C5E |
Source: C:\Users\user\Desktop\whitesee.exe | Code function: 0_2_0219187D NtWriteVirtualMemory, | 0_2_0219187D |
Source: C:\Users\user\Desktop\whitesee.exe | Code function: 0_2_02190285 NtSetInformationThread,TerminateProcess, | 0_2_02190285 |
Source: C:\Users\user\Desktop\whitesee.exe | Code function: 0_2_02193BA5 NtResumeThread, | 0_2_02193BA5 |
Source: whitesee.exe, 00000000.00000002.223384637.0000000000409000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameGROSGRAINBRITIS.exe vs whitesee.exe |
Source: whitesee.exe, 00000000.00000002.223921366.0000000002910000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameGROSGRAINBRITIS.exeFE2XNN9 vs whitesee.exe |
Source: whitesee.exe, 00000001.00000003.257476126.000000001ECB4000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameapisetstubj% vs whitesee.exe |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamenss3.dll0 vs whitesee.exe |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamenssdbm3.dll0 vs whitesee.exe |
Source: whitesee.exe, 00000001.00000003.261114481.000000001E2B0000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameucrtbase.dllj% vs whitesee.exe |
Source: whitesee.exe, 00000001.00000003.260978377.000000001ECE4000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamesoftokn3.dll0 vs whitesee.exe |
Source: whitesee.exe, 00000001.00000002.287326264.000000001DC50000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemswsock.dll.muij% vs whitesee.exe |
Source: whitesee.exe, 00000001.00000003.261725476.0000000000060000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamevcruntime140.dll^ vs whitesee.exe |
Source: whitesee.exe, 00000001.00000003.259615178.000000001ED04000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamemozglue.dll0 vs whitesee.exe |
Source: whitesee.exe, 00000001.00000003.260016352.000000001E064000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamemsvcp140.dll^ vs whitesee.exe |
Source: whitesee.exe, 00000001.00000000.222588124.0000000000409000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameGROSGRAINBRITIS.exe vs whitesee.exe |
Source: whitesee.exe, 00000001.00000002.287350023.000000001DDA0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs whitesee.exe |
Source: whitesee.exe, 00000001.00000003.273555829.000000001EEA0000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamefreebl3.dll0 vs whitesee.exe |
Source: whitesee.exe | Binary or memory string: OriginalFilenameGROSGRAINBRITIS.exe vs whitesee.exe |
Source: whitesee.exe, 00000001.00000003.260978377.000000001ECE4000.00000004.00000001.sdmp, softokn3.dll.1.dr | Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2); |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, nss3.dll.1.dr | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q); |
Source: whitesee.exe, 00000001.00000003.260978377.000000001ECE4000.00000004.00000001.sdmp, softokn3.dll.1.dr | Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID; |
Source: whitesee.exe, 00000001.00000003.260978377.000000001ECE4000.00000004.00000001.sdmp, softokn3.dll.1.dr | Binary or memory string: SELECT ALL * FROM %s LIMIT 0; |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, nss3.dll.1.dr | Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB); |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, nss3.dll.1.dr | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB); |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, nss3.dll.1.dr | Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx)); |
Source: whitesee.exe, 00000001.00000003.260978377.000000001ECE4000.00000004.00000001.sdmp, softokn3.dll.1.dr | Binary or memory string: UPDATE %s SET %s WHERE id=$ID; |
Source: whitesee.exe, 00000001.00000003.260978377.000000001ECE4000.00000004.00000001.sdmp, softokn3.dll.1.dr | Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID; |
Source: whitesee.exe, 00000001.00000003.260978377.000000001ECE4000.00000004.00000001.sdmp, softokn3.dll.1.dr | Binary or memory string: SELECT ALL id FROM %s WHERE %s; |
Source: whitesee.exe, 00000001.00000003.260978377.000000001ECE4000.00000004.00000001.sdmp, softokn3.dll.1.dr | Binary or memory string: SELECT ALL id FROM %s; |
Source: whitesee.exe, 00000001.00000003.260978377.000000001ECE4000.00000004.00000001.sdmp, softokn3.dll.1.dr | Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1); |
Source: whitesee.exe, 00000001.00000003.260978377.000000001ECE4000.00000004.00000001.sdmp, softokn3.dll.1.dr | Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s); |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, nss3.dll.1.dr | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, nss3.dll.1.dr | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s; |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, nss3.dll.1.dr | Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB); |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, nss3.dll.1.dr | Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */); |
Source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, nss3.dll.1.dr | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: whitesee.exe, 00000001.00000003.260978377.000000001ECE4000.00000004.00000001.sdmp, softokn3.dll.1.dr | Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2); |
Source: | Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.264093965.000000001F6C4000.00000004.00000001.sdmp, api-ms-win-crt-locale-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.264426222.000000001F6D8000.00000004.00000001.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.1.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: whitesee.exe, 00000001.00000003.259615178.000000001ED04000.00000004.00000001.sdmp, mozglue.dll.1.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, nss3.dll.1.dr |
Source: | Binary string: ucrtbase.pdb source: whitesee.exe, 00000001.00000003.261114481.000000001E2B0000.00000004.00000001.sdmp, ucrtbase.dll.1.dr |
Source: | Binary string: api-ms-win-core-file-l1-2-0.pdb source: whitesee.exe, 00000001.00000003.261795051.000000001F62C000.00000004.00000001.sdmp, api-ms-win-core-file-l1-2-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-memory-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.261982426.000000001F654000.00000004.00000001.sdmp, api-ms-win-core-memory-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-debug-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.261795051.000000001F62C000.00000004.00000001.sdmp, api-ms-win-core-debug-l1-1-0.dll.1.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: whitesee.exe, 00000001.00000003.273555829.000000001EEA0000.00000004.00000001.sdmp, freebl3.dll.1.dr |
Source: | Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.262521371.000000001F678000.00000004.00000001.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.263922518.000000001F6AC000.00000004.00000001.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.264903612.000000001F6F4000.00000004.00000001.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-heap-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.261958183.000000001F650000.00000004.00000001.sdmp, api-ms-win-core-heap-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-util-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.262521371.000000001F678000.00000004.00000001.sdmp, api-ms-win-core-util-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-synch-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.257868373.000000001ECAC000.00000004.00000001.sdmp, api-ms-win-core-synch-l1-1-0.dll.1.dr |
Source: | Binary string: vcruntime140.i386.pdbGCTL source: whitesee.exe, 00000001.00000003.261725476.0000000000060000.00000004.00000001.sdmp, vcruntime140.dll.1.dr |
Source: | Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.258050368.000000001ECB4000.00000004.00000001.sdmp, api-ms-win-crt-environment-l1-1-0.dll.1.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: whitesee.exe, 00000001.00000003.259615178.000000001ED04000.00000004.00000001.sdmp, mozglue.dll.1.dr |
Source: | Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.257134119.000000001ECA8000.00000004.00000001.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.262322263.000000001F674000.00000004.00000001.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-console-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.272324790.000000001F2F0000.00000004.00000001.sdmp, api-ms-win-core-console-l1-1-0.dll.1.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: whitesee.exe, 00000001.00000003.273555829.000000001EEA0000.00000004.00000001.sdmp, freebl3.dll.1.dr |
Source: | Binary string: api-ms-win-core-file-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.261795051.000000001F62C000.00000004.00000001.sdmp, api-ms-win-core-file-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-private-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.264426222.000000001F6D8000.00000004.00000001.sdmp, api-ms-win-crt-private-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.258008597.000000001ECAC000.00000004.00000001.sdmp, api-ms-win-crt-convert-l1-1-0.dll.1.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: whitesee.exe, 00000001.00000003.260978377.000000001ECE4000.00000004.00000001.sdmp, softokn3.dll.1.dr |
Source: | Binary string: msvcp140.i386.pdb source: whitesee.exe, 00000001.00000003.260016352.000000001E064000.00000004.00000001.sdmp, msvcp140.dll.1.dr |
Source: | Binary string: ucrtbase.pdbUGP source: whitesee.exe, 00000001.00000003.261114481.000000001E2B0000.00000004.00000001.sdmp, ucrtbase.dll.1.dr |
Source: | Binary string: api-ms-win-core-profile-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.262521371.000000001F678000.00000004.00000001.sdmp, api-ms-win-core-profile-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-time-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.264903612.000000001F6F4000.00000004.00000001.sdmp, api-ms-win-crt-time-l1-1-0.dll.1.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, nssdbm3.dll.1.dr |
Source: | Binary string: api-ms-win-core-handle-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.257271252.000000001ECA8000.00000004.00000001.sdmp, api-ms-win-core-handle-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-synch-l1-2-0.pdb source: whitesee.exe, 00000001.00000003.262521371.000000001F678000.00000004.00000001.sdmp, api-ms-win-core-synch-l1-2-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.257649667.000000001ECBC000.00000004.00000001.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.261795051.000000001F62C000.00000004.00000001.sdmp, api-ms-win-core-datetime-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.258008597.000000001ECAC000.00000004.00000001.sdmp, api-ms-win-crt-conio-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-localization-l1-2-0.pdb source: whitesee.exe, 00000001.00000003.261982426.000000001F654000.00000004.00000001.sdmp, api-ms-win-core-localization-l1-2-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-math-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.264093965.000000001F6C4000.00000004.00000001.sdmp, api-ms-win-crt-math-l1-1-0.dll.1.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: whitesee.exe, 00000001.00000003.260978377.000000001ECE4000.00000004.00000001.sdmp, softokn3.dll.1.dr |
Source: | Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: whitesee.exe, 00000001.00000003.262521371.000000001F678000.00000004.00000001.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.1.dr |
Source: | Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.257567366.000000001ECB4000.00000004.00000001.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.1.dr |
Source: | Binary string: vcruntime140.i386.pdb source: whitesee.exe, 00000001.00000003.261725476.0000000000060000.00000004.00000001.sdmp, vcruntime140.dll.1.dr |
Source: | Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.258213850.000000001ECB8000.00000004.00000001.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.264903612.000000001F6F4000.00000004.00000001.sdmp, api-ms-win-crt-utility-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.262521371.000000001F678000.00000004.00000001.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: whitesee.exe, 00000001.00000003.265434867.000000001EA50000.00000004.00000001.sdmp, nssdbm3.dll.1.dr |
Source: | Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.262521371.000000001F678000.00000004.00000001.sdmp, api-ms-win-core-timezone-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-string-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.262521371.000000001F678000.00000004.00000001.sdmp, api-ms-win-core-string-l1-1-0.dll.1.dr |
Source: | Binary string: msvcp140.i386.pdbGCTL source: whitesee.exe, 00000001.00000003.260016352.000000001E064000.00000004.00000001.sdmp, msvcp140.dll.1.dr |
Source: | Binary string: api-ms-win-core-file-l2-1-0.pdb source: whitesee.exe, 00000001.00000003.261795051.000000001F62C000.00000004.00000001.sdmp, api-ms-win-core-file-l2-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-process-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.264426222.000000001F6D8000.00000004.00000001.sdmp, api-ms-win-crt-process-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.257476126.000000001ECB4000.00000004.00000001.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.261982426.000000001F654000.00000004.00000001.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.263922518.000000001F6AC000.00000004.00000001.sdmp, api-ms-win-crt-heap-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-string-l1-1-0.pdb source: whitesee.exe, 00000001.00000003.264903612.000000001F6F4000.00000004.00000001.sdmp, api-ms-win-crt-string-l1-1-0.dll.1.dr |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-conio-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-datetime-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-rtlsupport-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-math-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-runtime-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\msvcp140.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\nss3.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-heap-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-string-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-memory-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-multibyte-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-sysinfo-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-synch-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-synch-l1-2-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-private-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-profile-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-locale-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\mozglue.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-processenvironment-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-string-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-process-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\ucrtbase.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-interlocked-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\softokn3.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-environment-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-console-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-file-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-errorhandling-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-processthreads-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-stdio-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-handle-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-processthreads-l1-1-1.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-debug-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-util-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-time-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\freebl3.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-utility-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\nssdbm3.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-libraryloader-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\vcruntime140.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-convert-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-file-l1-2-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-heap-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-namedpipe-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-filesystem-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-file-l2-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-localization-l1-2-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | File created: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-timezone-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-conio-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-stdio-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-processthreads-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-handle-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-processthreads-l1-1-1.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-rtlsupport-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-datetime-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-math-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-runtime-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-debug-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-heap-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-string-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-util-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-time-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\freebl3.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-memory-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-utility-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\nssdbm3.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-multibyte-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-sysinfo-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-synch-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-synch-l1-2-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-private-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-libraryloader-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-convert-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-file-l1-2-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-locale-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-profile-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-string-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-processenvironment-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-process-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-heap-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-namedpipe-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-filesystem-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-interlocked-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\softokn3.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-crt-environment-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-console-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-file-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-file-l2-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-localization-l1-2-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-timezone-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\whitesee.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\83235B7C\api-ms-win-core-errorhandling-l1-1-0.dll | Jump to dropped file |
Source: whitesee.exe, 00000000.00000002.229468015.000000000460A000.00000004.00000001.sdmp, whitesee.exe, 00000001.00000002.277762934.000000000240A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Guest Shutdown Service |
Source: whitesee.exe, 00000000.00000002.229468015.000000000460A000.00000004.00000001.sdmp, whitesee.exe, 00000001.00000002.277762934.000000000240A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: whitesee.exe, 00000001.00000002.277762934.000000000240A000.00000004.00000001.sdmp | Binary or memory string: vmicshutdown |
Source: whitesee.exe, 00000000.00000002.229468015.000000000460A000.00000004.00000001.sdmp, whitesee.exe, 00000001.00000002.277762934.000000000240A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: whitesee.exe, 00000001.00000002.277559266.0000000000947000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW@x |
Source: whitesee.exe, 00000000.00000002.229468015.000000000460A000.00000004.00000001.sdmp, whitesee.exe, 00000001.00000002.277762934.000000000240A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V PowerShell Direct Service |
Source: whitesee.exe, 00000000.00000002.229468015.000000000460A000.00000004.00000001.sdmp, whitesee.exe, 00000001.00000002.277762934.000000000240A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Time Synchronization Service |
Source: whitesee.exe, 00000001.00000002.277762934.000000000240A000.00000004.00000001.sdmp | Binary or memory string: vmicvss |
Source: whitesee.exe, 00000001.00000003.266233315.000000000098C000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW |
Source: whitesee.exe, whitesee.exe, 00000001.00000002.277281514.0000000000560000.00000040.00000001.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: whitesee.exe, 00000000.00000002.229468015.000000000460A000.00000004.00000001.sdmp, whitesee.exe, 00000001.00000002.277762934.000000000240A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Data Exchange Service |
Source: whitesee.exe, 00000000.00000002.229468015.000000000460A000.00000004.00000001.sdmp, whitesee.exe, 00000001.00000002.277762934.000000000240A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Heartbeat Service |
Source: whitesee.exe, 00000000.00000002.229468015.000000000460A000.00000004.00000001.sdmp, whitesee.exe, 00000001.00000002.277762934.000000000240A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Guest Service Interface |
Source: whitesee.exe, 00000001.00000002.277762934.000000000240A000.00000004.00000001.sdmp | Binary or memory string: vmicheartbeat |
Source: whitesee.exe, 00000001.00000002.277579718.0000000000971000.00000004.00000020.sdmp | String found in binary or memory: \ElectrumGr |
Source: whitesee.exe, 00000001.00000002.277611176.00000000009A6000.00000004.00000020.sdmp | String found in binary or memory: bC:\Users\user\AppData\Roaming\Electrum\wallets\\electrum.datistorytaWeb Datab Datas\Cookies\\*.txt*.cookie |
Source: whitesee.exe, 00000001.00000002.277579718.0000000000971000.00000004.00000020.sdmp | String found in binary or memory: (\Jaxx\Local Storage\ |
Source: whitesee.exe, 00000001.00000002.277579718.0000000000971000.00000004.00000020.sdmp | String found in binary or memory: "%APPDATA%\Exodus\Qt9 |
Source: whitesee.exe, 00000001.00000002.277579718.0000000000971000.00000004.00000020.sdmp | String found in binary or memory: (\Jaxx\Local Storage\ |
Source: whitesee.exe, 00000001.00000002.277611176.00000000009A6000.00000004.00000020.sdmp | String found in binary or memory: techvita.biz443AppData\Roaming\Ethereum\keystore\\s\\t.dat |
Source: whitesee.exe, 00000001.00000002.277579718.0000000000971000.00000004.00000020.sdmp | String found in binary or memory: "%APPDATA%\Exodus\Qt9 |
Source: whitesee.exe, 00000001.00000002.277579718.0000000000971000.00000004.00000020.sdmp | String found in binary or memory: \Ethereumat |
Source: whitesee.exe, 00000001.00000002.277611176.00000000009A6000.00000004.00000020.sdmp | String found in binary or memory: techvita.biz443AppData\Roaming\Ethereum\keystore\\s\\t.dat |
Source: whitesee.exe, 00000001.00000002.277611176.00000000009A6000.00000004.00000020.sdmp | String found in binary or memory: >%appdata%\Electrum-LTC\wallets\lectrum\wallets\er Data\\\Web DataData\Web Dataab DataCookies\\*.cookiextie |